Signal
CVE-2026-22769: Dell RecoverPoint for VMs zero-day exploited since mid-2024
Published 2026-02-17 19:07 UTC · Updated 2026-02-18 14:56 UTC
cve · zero_day · active_exploitation · vendor_advisory · china_nexus · cyberespionage
Overview
A critical hardcoded-credential flaw in Dell RecoverPoint for Virtual Machines (CVE-2026-22769, CVSS 10.0) is reported as exploited in the wild as a zero-day since at least mid-2024, with multiple reports attributing activity to a suspected China-linked cyberespionage cluster tracked as UNC6201.
Entities
Dell · Google · Mandiant · Ivanti · RecoverPoint for Virtual Machines · BRICKSTORM · GRIMBOLT · SLAYSTYLE
Score total: 2.31
Momentum 24h: 11
Posts: 11
Origins: 10
Source types: 2
Duplicate ratio: 9%
Why now
- New reporting says exploitation has been ongoing since mid-2024 but is only now broadly surfaced.
- Advisories and vulnerability records published/updated Feb 17–18, 2026.
- Multiple outlets amplified the same campaign details within a 24-hour window.
Why it matters
- Hardcoded credentials can enable unauthenticated access and persistence on affected systems.
- Reports describe long-dwell espionage activity and stealthy backdoors in targeted networks.
- Advisories indicate exploitation in the wild, raising urgency for patching.
LLM analysis
Topic mix: medium · Promo risk: low · Source quality: high
Recurring claims
- CVE-2026-22769 (RecoverPoint for Virtual Machines) is being exploited in the wild as a zero-day since at least mid-2024.
- The vulnerability is described as a hardcoded credential issue in Dell RecoverPoint for Virtual Machines and is rated critical (CVSS 10.0).
- Reporting links the exploitation to a suspected China-nexus cluster tracked as UNC6201 and describes malware/backdoors including BRICKSTORM and GRIMBOLT.
How sources frame it
- Canadian Centre For Cyber Security: neutral
- NVD: neutral
- BleepingComputer: neutral
- Unit42: supportive
Cluster centers on active exploitation of a critical hardcoded-credential flaw in Dell RecoverPoint for Virtual Machines (CVE-2026-22769) and related vendor/government advisories.
All evidence
China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)
Help Net Security · helpnetsecurity.com · 2026-02-18 14:56 UTC
Dell security advisory (AV26-138)
Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-02-18 14:03 UTC
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
The Hacker News · thehackernews.com · 2026-02-18 10:32 UTC
Chinese APT Group Exploits Dell Zero-Day for Two Years
Infosecurity Magazine · infosecurity-magazine.com · 2026-02-18 10:10 UTC
Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group
SecurityWeek · securityweek.com · 2026-02-18 07:09 UTC
Security Update for RecoverPoint for Virtual Machines Hardcoded Credential Vulnerability
NCSC-FI - Vulnerabilities · nvd.nist.gov · 2026-02-18 03:00 UTC
Top publishers (this list)
- Help Net Security (1)
- Canadian Centre for Cyber Security - Alerts (1)
- The Hacker News (1)
- Infosecurity Magazine (1)
- SecurityWeek (1)
- NCSC-FI - Vulnerabilities (1)
Top origin domains (this list)
- helpnetsecurity.com (1)
- cyber.gc.ca (1)
- thehackernews.com (1)
- infosecurity-magazine.com (1)
- securityweek.com (1)
- nvd.nist.gov (1)